{{- if .Values.nodeManager.internal.capiControllerManagerEnabled }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  {{- include "helm_lib_module_labels" (list . (dict "app" "capi-controller-manager")) | nindent 2 }}
  name: capi-mutating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-machine
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.machine.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machines
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.machinedeployment.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinedeployments
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.machinehealthcheck.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinehealthchecks
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-machineset
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.machineset.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinesets
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-cluster
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.cluster.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusters
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.clusterclass.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterclasses
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
    rules:
      - apiGroups:
          - runtime.cluster.x-k8s.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - extensionconfigs
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.machinepool.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinepools
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.clusterresourceset.addons.cluster.x-k8s.io
    rules:
      - apiGroups:
          - addons.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterresourcesets
    sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: d8-cloud-instance-manager/capi-serving-cert
  {{- include "helm_lib_module_labels" (list . (dict "app" "capi-controller-manager")) | nindent 2 }}
  name: capi-validating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-machine
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.machine.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machines
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.machinedeployment.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinedeployments
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.machinehealthcheck.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinehealthchecks
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-machineset
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.machineset.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinesets
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-cluster
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.cluster.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        resources:
          - clusters
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.clusterclass.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        resources:
          - clusterclasses
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.extensionconfig.runtime.cluster.x-k8s.io
    rules:
      - apiGroups:
          - runtime.cluster.x-k8s.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - extensionconfigs
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-cluster-x-k8s-io-v1beta1-machinepool
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.machinepool.cluster.x-k8s.io
    rules:
      - apiGroups:
          - cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - machinepools
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.clusterresourceset.addons.cluster.x-k8s.io
    rules:
      - apiGroups:
          - addons.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterresourcesets
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io
    rules:
      - apiGroups:
          - addons.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterresourcesetbindings
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.ipaddress.ipam.cluster.x-k8s.io
    rules:
      - apiGroups:
          - ipam.cluster.x-k8s.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        resources:
          - ipaddresses
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      caBundle: {{ .Values.nodeManager.internal.capiControllerManagerWebhookCert.ca | b64enc }}
      service:
        name: capi-webhook-service
        namespace: d8-cloud-instance-manager
        path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
    rules:
      - apiGroups:
          - ipam.cluster.x-k8s.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        resources:
          - ipaddressclaims
    sideEffects: None
{{- end }}
